Big fat recommendation for Crowdsec

Ganzjahresgriller

I installed Crowdsec on my Mailcow server after this blog: https://blog.vacum.se/securing-mailcow-with-crowdsec/

You just have to adjust the names of the Mailcow containers in /etc/crowdsec/acquis.yaml to the current names but then it works perfectly. And it’s really impressive what Crowdsec finds. Mailcow’s netfilter is nice but it’s no comparison to what you can filter with Crowdsec. I highly recommend it. In my opinion, it’s a must-have for every Mailcow operator.

DocFraggle

Hmm… my main goal of hosting my own mail server was (and still is) to maintain my privacy. Installing crowdsec and therefore exposing my logs to a cloud service is somewhat counterproductive in my opinion…

Ganzjahresgriller

And what private information goes to Crowdsec? That someone from the USA, China or wherever starts BF attacks, port scans or other scans on your server? What is so worth protecting about that? What is the alternative that you think is better?

Example from today morning:

DocFraggle

Well, it’s basically a log parser which uploads information to the crowdsec cloud service to update the global blacklists. If that’s ok for you then go ahead, I’m just not a fan of services which don’t work on a local basis only.
fail2ban is sufficient for me

But I’ll have a deeper look into crowdsec, maybe I’m wrong about that 🙂

Ganzjahresgriller

Do you also check the Docker logs with Fail2ban? I tried to find information about it but unfortunately didn’t find much.